
ComboFix 09-08-29.01 - - Digiplay - Agust-2009  7:22.2.2 - NTFSx86
Running from: d:\documents and settings\- Digiplay -\Desktop\CFX.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Rising Antivirus  *On-access scanning disabled* (Updated) {234E4A88-48FA-4220-A994-5323706FF524}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
d:\docume~1\-DIGIP~1\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\Rising Antivirus.lnk
d:\windows\system32\(1)url.dll
d:\windows\system32\C4AFAF6E_mciole16.dll
d:\windows\system32\C4AFAF6E_url.dll
d:\windows\system32\CFB06411_url.dll
d:\windows\system32\system.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNETLPDDJMNR
-------\Service_SKYNETlpddjmnr


(((((((((((((((((((((((((   Files Created from 2009-07-28 to 2009-08-31  )))))))))))))))))))))))))))))))
.

2009-08-31 11:06 . 2009-08-31 11:06	96976	----a-w-	d:\windows\system32\drivers\klin.dat
2009-08-31 11:06 . 2009-08-31 11:06	87855	----a-w-	d:\windows\system32\drivers\klick.dat
2009-08-31 11:06 . 2009-08-31 11:15	--------	d-----w-	d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-31 11:06 . 2009-08-31 11:06	--------	d-----w-	d:\program files\Kaspersky Lab
2009-08-31 10:18 . 2009-08-31 10:18	--------	d-----w-	d:\program files\Rising
2009-08-31 04:50 . 2009-08-31 04:50	--------	d-----w-	d:\documents and settings\Administrator.DIGIPLAY\Application Data\.purple
2009-08-30 04:10 . 2009-08-30 04:10	--------	d-----w-	D:\RegClean
2009-08-30 04:06 . 2009-08-30 04:06	--------	d-----w-	d:\documents and settings\Administrator.DIGIPLAY\Local Settings\Application Data\Mozilla
2009-08-30 04:01 . 2009-08-30 04:01	--------	d-----w-	d:\documents and settings\Administrator.DIGIPLAY\Application Data\Malwarebytes
2009-08-29 17:48 . 2009-08-29 17:50	--------	d-----w-	D:\ConvertXtoDVD
2009-08-29 16:02 . 2009-08-29 17:33	--------	d-----w-	d:\windows\BDOSCAN8
2009-08-29 15:17 . 2009-08-29 15:17	--------	d-----w-	d:\documents and settings\All Users\Application Data\F-Secure
2009-08-29 15:14 . 2009-08-30 08:42	--------	d-----w-	d:\program files\Alwil Software
2009-08-29 05:58 . 2009-08-30 05:52	--------	d-----w-	d:\documents and settings\- Digiplay -\.housecall6.6
2009-08-29 05:53 . 2009-08-29 05:53	--------	d-----w-	d:\documents and settings\All Users\Application Data\CA
2009-08-29 04:38 . 2009-08-29 04:38	23	--sha-w-	d:\windows\system32\abedaebd_x.dat
2009-08-29 04:38 . 2009-08-29 04:39	--------	d-----w-	d:\program files\jv16 PowerTools 2009
2009-08-28 07:29 . 2009-08-28 07:29	--------	d-----w-	d:\program files\Trend Micro
2009-08-28 06:53 . 2009-07-28 20:33	55656	----a-w-	d:\windows\system32\drivers\avgntflt.sys
2009-08-28 05:42 . 2009-08-28 05:42	--------	d-----w-	d:\documents and settings\Administrator.DIGIPLAY\Application Data\Malwarebytes-BackupByMalwarebytesPortable
2009-08-27 14:09 . 2009-08-27 14:09	--------	d-sh--w-	d:\documents and settings\- Digiplay -\PrivacIE
2009-08-27 06:52 . 2009-08-27 06:52	--------	d-----w-	d:\documents and settings\Administrator.DIGIPLAY\Application Data\URSoft
2009-08-27 06:09 . 2009-08-27 06:09	--------	d-sh--w-	d:\documents and settings\NetworkService\IETldCache
2009-08-27 01:12 . 2009-08-27 01:12	--------	d-----w-	d:\documents and settings\Administrator.DIGIPLAY\Local Settings\Application Data\Thinstall
2009-08-27 01:12 . 2009-08-27 01:12	--------	d-----w-	d:\documents and settings\Administrator.DIGIPLAY\Application Data\Thinstall
2009-08-26 23:33 . 2009-08-26 23:33	--------	d-sh--w-	d:\documents and settings\Administrator.DIGIPLAY\PrivacIE
2009-08-26 23:19 . 2009-08-27 00:42	--------	d-----w-	d:\documents and settings\Administrator.DIGIPLAY\Application Data\PC Tools
2009-08-26 23:19 . 2009-08-26 23:19	--------	d-sh--w-	d:\documents and settings\Administrator.DIGIPLAY\IETldCache
2009-08-24 17:55 . 2009-08-24 17:55	--------	d-----w-	d:\program files\WhatsRunning
2009-08-24 17:40 . 2009-08-24 17:40	--------	dc-h--w-	d:\windows\ie8
2009-08-24 17:38 . 2009-08-24 17:38	--------	d-----w-	d:\windows\system32\xircom
2009-08-24 17:38 . 2009-08-24 17:38	--------	d-----w-	d:\windows\system32\wbem\snmp
2009-08-24 17:38 . 2009-08-24 17:38	--------	d-----w-	d:\windows\srchasst
2009-08-24 17:38 . 2009-08-24 17:38	--------	d-----w-	d:\program files\microsoft frontpage
2009-08-24 17:31 . 2009-08-24 17:35	--------	d-----w-	d:\documents and settings\All Users\Application Data\Rising
2009-08-24 06:06 . 2009-08-24 06:06	--------	d-sh--w-	d:\windows\system32\config\systemprofile\IETldCache
2009-08-24 06:06 . 2009-08-24 06:06	--------	d-sh--w-	d:\documents and settings\- Digiplay -\IETldCache
2009-08-24 05:57 . 2009-08-26 23:05	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\PC Tools
2009-08-24 05:41 . 2009-08-24 05:41	--------	d-----w-	D:\MalwarebytesPortable4
2009-08-23 23:49 . 2009-08-23 23:49	--------	dc-h--w-	d:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-08-23 23:49 . 2009-08-23 23:49	--------	d-----w-	D:\driverscanner2009
2009-08-23 23:23 . 2009-08-31 10:48	164424	----a-w-	d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-23 23:23 . 2008-07-06 12:06	89088	------w-	d:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-23 23:23 . 2008-07-06 12:06	575488	------w-	d:\windows\system32\dllcache\xpsshhdr.dll
2009-08-23 23:23 . 2008-07-06 12:06	1676288	------w-	d:\windows\system32\dllcache\xpssvcs.dll
2009-08-23 15:38 . 2009-08-23 15:38	89088	----a-w-	d:\windows\system32\osuninst.dll
2009-08-23 10:42 . 2009-08-23 10:42	995383	----a-w-	d:\windows\system32\FE386AD8_mfc42.dll
2009-08-23 10:41 . 2009-08-23 10:41	135168	----a-w-	d:\windows\system32\C4AFAF6E_nvcod.dll
2009-08-23 10:40 . 2009-08-23 15:38	2933248	----a-w-	d:\windows\system32\5B5E8ADD_System.Data.dll
2009-08-23 05:08 . 2009-08-23 23:43	--------	d-----w-	d:\windows\DLLArchive
2009-08-23 04:34 . 2009-08-23 04:34	--------	d-----w-	d:\program files\AnalogX
2009-08-23 00:18 . 2009-08-23 00:18	104	----a-w-	d:\windows\system32\SBRC.dat
2009-08-22 14:22 . 2009-08-22 14:22	552	----a-w-	d:\windows\system32\d3d8caps.dat
2009-08-22 11:45 . 2009-08-22 11:45	--------	d-----w-	d:\documents and settings\Administrator.DIGIPLAY\Application Data\Stardock
2009-08-22 10:46 . 2009-08-23 00:07	--------	d-----w-	d:\program files\OnBelay V2
2009-08-22 10:45 . 2009-08-22 10:46	24576	----a-w-	d:\windows\system32\OV2INSTX.DLL
2009-08-22 10:45 . 1998-10-29 20:45	306688	----a-w-	d:\windows\IsUninst.exe
2009-08-22 10:12 . 2007-11-28 14:21	10588	----a-w-	d:\windows\system32\drivers\mpfilt.sys
2009-08-22 08:22 . 2009-08-22 14:54	--------	d-----w-	d:\program files\Compaq
2009-08-22 08:08 . 2009-08-22 08:46	--------	d-----w-	D:\DriveKey
2009-08-22 06:47 . 2009-08-22 06:51	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\ImgBurn
2009-08-22 06:45 . 2009-08-22 06:45	--------	d-----w-	d:\program files\ImgBurn
2009-08-21 05:19 . 2009-08-24 04:27	--------	d-----w-	D:\MOVIES-VIDS
2009-08-20 18:37 . 2009-08-21 07:34	--------	d-----w-	d:\program files\youtube2mp3
2009-08-20 18:02 . 2009-08-20 18:01	679936	----a-w-	d:\windows\system32\xvidcore.dll
2009-08-20 17:54 . 2009-08-21 09:11	--------	d-----w-	D:\YoutubeMP3
2009-08-20 08:15 . 2009-08-20 08:15	--------	d-----w-	D:\Backtrack
2009-08-20 08:13 . 2009-08-20 17:29	--------	d-----w-	D:\Backtrack4
2009-08-20 08:05 . 2009-08-20 08:17	--------	d-----w-	d:\program files\CommViewWiFi
2009-08-20 07:43 . 2009-08-20 07:57	--------	d-----w-	d:\program files\CommView
2009-08-19 20:08 . 2009-08-19 20:08	--------	d-----w-	D:\Ebooks
2009-08-16 09:35 . 2009-08-31 09:50	--------	d-sh--w-	d:\documents and settings\All Users\DRM
2009-08-14 03:45 . 2009-08-14 03:45	--------	d-----w-	d:\documents and settings\All Users\Application Data\CounterPath
2009-08-10 03:01 . 2009-08-10 03:13	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\Mp3tag
2009-08-07 03:22 . 2009-08-07 03:23	--------	d-----w-	d:\program files\SubDownloader

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 11:34 . 2009-02-25 08:22	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\DMCache
2009-08-31 11:08 . 2009-02-25 07:47	8032	--sha-w-	d:\windows\system32\drivers\fidbox2.idx
2009-08-31 11:08 . 2009-02-25 07:47	12307488	--sha-w-	d:\windows\system32\drivers\fidbox.dat
2009-08-31 11:08 . 2009-02-25 07:47	1114144	--sha-w-	d:\windows\system32\drivers\fidbox2.dat
2009-08-31 11:08 . 2009-02-25 07:47	102472	--sha-w-	d:\windows\system32\drivers\fidbox.idx
2009-08-31 10:44 . 2009-03-02 09:41	--------	d---a-w-	d:\documents and settings\All Users\Application Data\TEMP
2009-08-31 10:27 . 2009-02-25 09:46	--------	dc-h--w-	d:\documents and settings\All Users\Application Data\{E94FD7CC-6945-4744-99C3-9BFF40AA2F24}
2009-08-31 10:27 . 2009-02-25 08:12	--------	d-----w-	d:\program files\Stardock
2009-08-31 09:56 . 2009-04-10 01:30	1324	----a-w-	d:\windows\system32\d3d9caps.dat
2009-08-31 09:50 . 2009-06-12 08:50	--------	d-----w-	d:\program files\AllMyMovies
2009-08-31 09:50 . 2009-04-27 04:33	--------	d-----w-	d:\program files\Flock
2009-08-31 09:50 . 2009-02-25 08:22	--------	d-----w-	d:\program files\Internet Download Manager
2009-08-31 09:50 . 2009-02-25 08:13	--------	d-----w-	d:\program files\Resource Hacker 3.4.0
2009-08-31 09:03 . 2009-02-25 10:03	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\.purple
2009-08-29 06:42 . 2009-02-25 07:45	--------	d-----w-	d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-27 06:25 . 2009-03-12 03:51	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\Thinstall
2009-08-26 23:21 . 2009-05-06 02:13	--------	d-----w-	d:\program files\Common Files\Wise Installation Wizard
2009-08-24 02:12 . 2009-07-30 01:10	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\Move Networks
2009-08-24 01:44 . 2009-06-13 15:35	--------	d-----w-	d:\program files\Best AlarmClock
2009-08-24 00:57 . 2009-02-25 08:00	--------	d-----w-	d:\program files\Java
2009-08-23 23:38 . 2009-02-25 07:09	71768	----a-w-	d:\documents and settings\- Digiplay -\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 15:38 . 2009-08-23 15:38	84992	----a-w-	d:\windows\system32\olepro32.dll
2009-08-23 10:42 . 2009-08-23 10:42	970752	----a-w-	d:\windows\system32\F66BC5DD_System.Deployment.dll
2009-08-23 10:41 . 2009-08-23 10:41	6068352	----a-w-	d:\windows\system32\C4AFAF6E_nv4_disp.dll
2009-08-23 10:40 . 2009-08-23 10:40	997888	----a-w-	d:\windows\system32\5E757257_System.Management.ni.dll
2009-08-22 15:15 . 2009-02-25 08:28	--------	d-----w-	d:\program files\Windows Media Connect 2
2009-08-22 15:14 . 2009-07-11 08:06	--------	d-----w-	d:\program files\DivX
2009-08-22 15:14 . 2009-06-23 20:58	--------	d-----w-	d:\program files\Dziobas Rar Player
2009-08-22 11:27 . 2009-02-25 09:25	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\uTorrent
2009-08-22 08:08 . 2009-02-25 09:38	--------	d--h--w-	d:\program files\InstallShield Installation Information
2009-08-22 08:07 . 2009-02-25 09:38	--------	d-----w-	d:\program files\Common Files\InstallShield
2009-08-13 17:27 . 2009-07-17 01:08	--------	d-----w-	d:\program files\CounterPath
2009-08-05 06:39 . 2009-03-02 09:41	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\URSoft
2009-07-31 05:31 . 2009-07-31 04:24	--------	d-----w-	d:\program files\NUnit 2.5.1
2009-07-28 19:46 . 2009-02-25 08:22	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\IDM
2009-07-28 07:45 . 2009-07-28 07:41	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\TeraCopy
2009-07-28 07:42 . 2009-07-28 07:41	--------	d-----w-	d:\program files\TeraCopy
2009-07-28 07:37 . 2009-07-28 07:34	--------	d-----w-	d:\program files\Super Copy
2009-07-25 09:23 . 2009-05-06 02:00	411368	----a-w-	d:\windows\system32\deploytk.dll
2009-07-22 06:52 . 2009-04-26 17:31	--------	d-----w-	d:\program files\Yahoo!
2009-07-21 19:55 . 2009-07-21 19:55	--------	d-----w-	d:\program files\NetDragon
2009-07-19 15:28 . 2009-07-19 15:04	--------	d-----w-	d:\documents and settings\All Users\Application Data\WindSolutions
2009-07-19 15:20 . 2009-06-19 05:07	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\Yahoo!
2009-07-19 15:17 . 2009-04-26 17:31	--------	d-----w-	d:\documents and settings\All Users\Application Data\Yahoo!
2009-07-19 15:07 . 2009-07-19 15:06	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\CopyTransDoctor
2009-07-19 15:04 . 2009-07-19 15:04	--------	d-----w-	d:\program files\WindSolutions
2009-07-19 15:04 . 2009-07-19 15:01	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\WindSolutions
2009-07-17 01:08 . 2009-07-17 01:08	--------	d-----w-	d:\program files\Common Files\Intel
2009-07-16 03:25 . 2009-06-30 08:06	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\NetDrive
2009-07-11 17:02 . 2009-07-11 17:02	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\DivX
2009-07-11 08:06 . 2009-07-11 08:06	--------	d-----w-	d:\program files\Common Files\DivX Shared
2009-07-07 16:19 . 2009-03-19 08:37	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\gtk-2.0
2009-07-04 17:43 . 2009-07-04 17:39	--------	d-----w-	d:\docume~1\-DIGIP~1\APPLIC~1\DiskAid
2009-07-03 07:50 . 2009-07-03 07:50	--------	d-----w-	d:\program files\WIDCOMM
2009-07-03 02:15 . 2009-07-03 00:29	--------	d-----w-	d:\program files\PeerGuardian2
2009-06-12 08:00 . 2009-06-12 08:00	135	----a-w-	d:\documents and settings\- Digiplay -\Local Settings\Application Data\fusioncache.dat
2009-06-10 10:00 . 2009-06-10 10:00	68392	----a-w-	d:\windows\system32\sbbd.exe
2009-06-05 15:42 . 2009-06-24 00:07	39424	----a-w-	d:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-24 00:07	2060288	----a-w-	d:\windows\system32\usbaaplrc.dll
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	d:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	d:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-23 14:52 . 2009-03-23 14:52	952	--sha-w-	d:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-08-23 15:39	516096	6FBE974874389B7D5F11870747B8622C	d:\windows\system32\user32.dll

[-] 2008-10-27 20:34	361600	038CA45522FE9B756EFB90DBFA9141EA	d:\windows\system32\drivers\tcpip.sys

[-] 2008-10-27 20:54	588800	87576541BA029261CA7C6136367E6D42	d:\windows\system32\winlogon.exe

[-] 2008-09-03 12:35	2185216	07B57AD9C3F1ACA0C9AA5C5F4898483B	d:\windows\system32\ntkrnlpa.exe

[-] 2008-09-03 12:34	2306560	3C6823D0D8BD11190D2A7A944837DB30	d:\windows\system32\ntoskrnl.exe

[-] 2008-10-27 20:48	1914880	D0C27A01327B928AF81FEF4C16355DBB	d:\windows\explorer.exe


[-] 2009-08-23 15:38	1449472	8C32A3FB3C3E6E3050A3BA77BB39D306	d:\windows\system32\comres.dll



[-] 2008-10-27 20:48	693248	46EC7ED696EFEEF5E3E39675E3E7686F	d:\windows\system32\comctl32.dll
[7] 2008-04-14 02:00	921088	AEF3D788DBF40C7C4D204EA45EB0C505	d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 02:00	1054208	BD38D1EBE24A46BD3EDA059560AFBA12	d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

d:\windows\system32\ctfmon.exe ... is missing !!
d:\windows\system32\drivers\beep.sys ... is missing !!
d:\windows\system32\msgsvc.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="d:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"DU Meter"="d:\program files\DU Meter\DUMeter.exe" [2009-06-03 2645528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="d:\windows\system32\nwiz.exe" [2009-01-29 1657376]
"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [BU]
"VisualTaskTips"="d:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2009-03-08 128512]

d:\documents and settings\- Digiplay -\Start Menu\Programs\Startup\
Styler.lnk - d:\docume~1\-DIGIP~1\APPLIC~1\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-2-25 15086]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-3 572008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuFavorites"= 1 (0x1)
"Start_ShowHelp"= 1 (0x1)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 1 (0x1)
"Start_ShowMyPics"= 1 (0x1)
"Start_ShowNetConn"= 1 (0x1)
"Start_ShowPrinters"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre1.6.0_06\\launch4j-tmp\\frd.exe"=
"d:\\Program Files\\Yahoo! Messenger v8.1.0.249\\YahooMessenger.exe"=
"d:\\Program Files\\Portable ooVoo v1.7.1.58\\ooVoo\\ooVoo.exe"=
"d:\\Documents and Settings\\- Digiplay -\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\- Digiplay -\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Documents and Settings\\- Digiplay -\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"37676:TCP"= 37676:TCP:*:Disabled:ooVoo TCP port 37676
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37678:TCP"= 37678:TCP:ooVoo TCP port 37678
"37678:UDP"= 37678:UDP:ooVoo UDP port 37678
"37679:UDP"= 37679:UDP:ooVoo UDP port 37679
"37680:TCP"= 37680:TCP:*:Disabled:ooVoo TCP port 37680
"37680:UDP"= 37680:UDP:*:Disabled:ooVoo UDP port 37680
"37681:UDP"= 37681:UDP:*:Disabled:ooVoo UDP port 37681

R0 nielprt;Nielsen Patch Service;d:\windows\system32\DRIVERS\nielprt.sys [x]
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [x]
R1 sbaphd;sbaphd;d:\windows\system32\drivers\sbaphd.sys [x]
R2 SBAMSvc;AntiMalware;d:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [x]
R2 sbapifs;sbapifs;d:\windows\system32\drivers\sbapifs.sys [x]
R3 COMMSYM;CommView/WiFi Driver by TamoSoft;d:\windows\system32\DRIVERS\commsym.sys [2004-04-01 91392]
R3 CV2K1;CommView Network Monitor;d:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 ndfs;ndfs;d:\program files\Netdrive\ndfs.sys [x]
R3 NielGfx;Nielsen USB GFX;d:\windows\system32\drivers\nielgfx.sys [2009-03-20 9088]
R3 SBRE;SBRE;d:\windows\system32\drivers\SBREdrv.sys [x]
S0 iastor78;iastor78; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
S1 vcdrom;Virtual CD-ROM Device Driver;d:\program files\System\CPL Bonus\Vcdrom.sys [2001-12-19 8576]
S2 DUMeterSvc;DU Meter Service;d:\program files\DU Meter\DUMeterSvc.exe [2009-06-03 1386008]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 R5U870FLx86;R5U870 UVC Lower Filter  ;d:\windows\system32\Drivers\R5U870FLx86.sys [2007-06-28 75008]
S3 R5U870FUx86;R5U870 UVC Upper Filter  ;d:\windows\system32\Drivers\R5U870FUx86.sys [2007-06-28 43904]
S3 ti21sony;ti21sony;d:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLBG
*NewlyCreated* - VCDROM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"d:\program files\Windows Sidebar\sidebar.exe" /RegServer
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1645522239-1417001333-1003Core.job
- d:\documents and settings\- Digiplay -\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 17:58]

2009-08-31 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1645522239-1417001333-1003UA.job
- d:\documents and settings\- Digiplay -\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 17:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3CD92933-7C68-4E57-A7FB-BFACA7FCEF81} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SharedTaskScheduler-{EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - d:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - d:\docume~1\-DIGIP~1\APPLIC~1\Mozilla\Firefox\Profiles\qdldk56v.default\
FF - prefs.js: network.proxy.type - 4
FF - component: d:\documents and settings\- Digiplay -\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: d:\documents and settings\- Digiplay -\Application Data\Mozilla\Firefox\Profiles\qdldk56v.default\extensions\{10228D1E-6D25-4ccc-903E-272D66EEC763}\components\localsearch.dll
FF - component: d:\documents and settings\- Digiplay -\Application Data\Mozilla\Firefox\Profiles\qdldk56v.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: d:\documents and settings\- Digiplay -\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: d:\documents and settings\- Digiplay -\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\- Digiplay -\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 07:34
Windows 5.1.2600 Service Pack 3, v.5512 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="d:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7737fdcf-1a8e-429e-94cc-a1f795e1d8c6}]
@Denied: (Full) (Everyone)
"Model"=dword:000000b7
"Therad"=dword:00000022
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
   df,1c,2f,3b,8a,0a,32,11,89,01,b5,02,72,34,2a,9a,b7,a6,eb,b7,1c,a3,28,fc,8d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0a,bb,de,6e,11,b3,2d,47,6a,96,66,b1,db,c5,01,a5,cc,87,e4,da,45,
   7e,31,63,70,6a,ae,06,44,7f,d8,88,c5,60,01,74,6e,a4,50,c9,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1060)
d:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(1552)
d:\windows\system32\SHDOCVW.dll
d:\program files\Utilities\VisualTaskTips\VttHooks.dll
d:\windows\system32\msctfime.ime
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\btmmhook.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\msi.dll
d:\windows\system32\credui.dll
d:\windows\system32\OneX.DLL
d:\windows\system32\MSVCP60.dll
d:\windows\system32\eappprxy.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\PortableDeviceApi.dll
d:\windows\system32\hnetcfg.dll
.
Completion time: 2009-08-31  7:37
ComboFix-quarantined-files.txt  2009-08-31 11:37

Pre-Run: 15.200.370.688 bytes free
Post-Run: 15.198.994.432 bytes free

